使用htaccess的从文本文件禁止IP地址 [英] Ban IPs from text file using htaccess
问题描述
我已阅读并理解了如何使用htaccess的阻止一个IP:
I read and understand how to block an ip using htaccess:
order deny,allow
deny from 111.222.33.44
deny from 55.66.77.88
...
allow from all
但我黑色的IP地址列表,包括数以千计的IPS。 我所有的IP地址保存到 blacklist.txt 文件。
But my list of black IPs includes thousands of IPs. I save all IPs to a blacklist.txt file.
我可以使用htaccess的调用 blacklist.txt 并阻止它们存储在该文件中的所有IP地址?如果是这样,怎么样?
Can I use htaccess to call blacklist.txt and block all IPs which are stored in this file? If so, how?
推荐答案
您可以尝试使用的 RewriteMap指令。你需要访问的服务器/虚拟主机的配置,因为该指令只在那里工作。然后,您可以使用地图内htaccess的文件。
You can try using variations of RewriteMap. You'll need access to the server/vhost config because that directive only works there. You can then use the map inside htaccess files.
假设您的 blacklist.txt 文件看起来是这样的:
Say your blacklist.txt file looks like this:
111.222.33.44 deny
55.66.77.88 deny
192.168.0.1 allow
您可以定义图如下所示:
You can define the map like so:
RewriteEngine On
RewriteMap access txt:/path/to/blacklist.txt
然后在你的htaccess的,你可以调用图:
Then in your htaccess, you can invoke the map:
RewriteEngine On
RewriteCond ${access:%{REMOTE_ADDR}} deny [NC]
RewriteRule ^ - [L,F]
条件调用地图,并检查是否在远程地址映射到单词否定,如果是这样,重写规则完全禁止访问。
The condition invokes the map and checks if the remote address maps to the word "deny", and if so, the rewrite rule outright forbids access.
如果您的 blacklist.txt 是IP地址的只有一个列表,你不希望添加的每一个接一个的拒绝,你需要调用程序的地图类型,然后撰写一个脚本,是这样的:
If your blacklist.txt is only a list of IPs, and you don't want to add a "deny" after each one, you'll need to invoke a program map type and write a script, something like this:
#!/bin/bash
while true
do
read INPUT
MATCH=`grep $INPUT /path/to/blacklist.txt`
if [ -z "$MATCH" ]; then
echo "allow"
else
echo "deny"
fi
done
这无限循环读取输入,并在里grep blacklist.txt 文件。如果IP是在文件中,输出一个拒绝,否则它输出允许。然后,你会创建地图,如下所示:
which infinite loops read input and greps the blacklist.txt file. If the IP is in the file, output a "deny", otherwise it outputs a "allow". Then you'd create the map like so:
RewriteEngine On
RewriteMap access prg:/path/to/blacklist.txt
和重写规则所要检查的地图就没有什么不同。
And the rewrite rule to check against the map would be no different.
这篇关于使用htaccess的从文本文件禁止IP地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!